The Maine Attorney General's Office disclosed a data breach affecting CNB Bank & Trust, stemming from unauthorized access to Fiserv’s MOVEit Transfer environment between May 27, 2023, and May 31, 2023. The incident resulted in the exposure of personal and financial account information, including names and account numbers, of four Maine residents. While the breach was contained to a third-party vendor’s system (Fiserv), the compromised data belonged to CNB Bank & Trust’s customers. Notification letters to affected individuals were scheduled for November 15, 2023, indicating a delayed response in informing victims. The breach highlights vulnerabilities in third-party file transfer platforms, which are frequently targeted by cybercriminals for sensitive financial data. No evidence suggests the exposed data was misused, but the incident poses risks of fraud, identity theft, or phishing attacks against the impacted customers. The bank’s reliance on external vendors for critical data transfers introduces additional layers of risk, emphasizing the need for stricter oversight and proactive security measures in supply chain cybersecurity.
TPRM report: https://www.rankiteo.com/company/cnb-bank-&-trust-n-a-
"id": "cnb007091825",
"linkid": "cnb-bank-&-trust-n-a-",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '4 (Maine residents)',
'industry': 'Financial Services',
'location': 'United States (affecting Maine residents)',
'name': 'CNB Bank & Trust',
'type': 'Bank'},
{'industry': 'Technology',
'name': 'Fiserv',
'type': 'Financial Services Technology Provider'}],
'attack_vector': 'Exploitation of third-party software vulnerability (MOVEit '
'Transfer)',
'customer_advisories': 'Notification letters scheduled for November 15, 2023',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '4 (Maine residents)',
'personally_identifiable_information': 'Yes (names)',
'sensitivity_of_data': 'High (includes financial account '
'numbers)',
'type_of_data_compromised': ['personal information',
'financial account numbers']},
'description': "Unauthorized access to Fiserv's MOVEit Transfer environment "
'led to the exposure of personal information, including names '
'and financial account numbers of four Maine residents. The '
'breach occurred between May 27, 2023, and May 31, 2023.',
'impact': {'data_compromised': ['names', 'financial account numbers'],
'identity_theft_risk': 'Potential (personal information exposed)',
'payment_information_risk': 'Yes (financial account numbers '
'exposed)',
'systems_affected': ["Fiserv's MOVEit Transfer environment"]},
'references': [{'source': "Maine Attorney General's Office"}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
"General's Office"},
'response': {'communication_strategy': 'Notification letters to affected '
'individuals (scheduled for November '
'15, 2023)'},
'title': 'CNB Bank & Trust Data Breach via Fiserv MOVEit Transfer '
'Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit Transfer environment vulnerability'}